Error in JavaMail : PKIX path building failed unable to find valid certification path to requested target

Question

I am trying to build an email client app in android and right now i want to configure the javaMail part.

i am trying to establish the connection with the imap server

Answer 1

You can try upgrade library javax.mail.jar at https://java.net/projects/javamail/pages/Home (now version is 1.5.5) and add code :

MailSSLSocketFactory sf = new MailSSLSocketFactory();
sf.setTrustAllHosts(true); 
properties.put("mail.imap.ssl.trust", "*");
properties.put("mail.imap.ssl.socketFactory", sf);

Answer 2

Ok problem solved!

The solution is this:

First get the self-signed certificate from the mail server via openssl:

echo | openssl s_client -connect yoursever:port 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > yourcert.pem

Then save the yourcert.pem file into this path /Library/Java/Home/lib/security (on macOSX) and put the cert file into the cacerts like this

keytool -keystore cacerts -importcert -alias youralias -file yourcert.pem

The default keystore password is changeit

You can view the change that you made with this command that shows the Certificate fingerprint.

keytool -list -keystore cacerts

After this you should pass these argument in VM

(for windows and linux type yourpath between " " )

-Djavax.net.ssl.trustStore="/Library/Java/Home/lib/security/cacerts"

-Djavax.net.ssl.trustStorePassword="changeit"

For Debug:

-Djava.security.debug=certpath

-Djavax.net.debug=trustmanager

Answer 3

I also have run across this problem when talking to a mail server. However, the root cause was that the server (Exchange 2013) had both a real certificate AND a self-signed applied to it. The appropriate course of action was to remove the self-signed on the server because it was taking precedence and blocking the real certificate.

Answer 4

I've lost so many days searching for a solution, and this post was helps to me. I had the same problem. I created a pem file like here, and then, the cert file .pem, was incrusted in cacert file (a copy called TrustStore.jks) with this command:

keytool.exe -import -noprompt -keystore TrustStore.jks -storepass changeit ^ -alias DOMAINNAME -file MYCERTFILE.pem

(DOMAINNAME must be replace by hostname -this trick is very important-, and MYCERTFILE by file recent create...)

I hope that this solution can helps to somebody.

Answer 5

easy way to solve this problem by getiing certificate file from Java 7

copy the "cacerts" file from following java 7 directory

C:\Program Files\Java\jdk1.7.0_79\jre\lib\security

and paste it in java 6 directory

C:\Program Files\Java\jdk1.6.0\jre\lib\security

Answer 6

This JavaMail FAQ entry should help.

Quoted text from the linked site:

Q: When connecting to my mail server over SSL I get an exception like "unable to find valid certification path to requested target".

A: Your server is probably using a test certificate or self-signed certificate instead of a certificate signed by a commercial Certificate Authority. You'll need to install the server's certificate into your trust store. The InstallCert program will help.

Alternatively, you can set the "mail.protocol.ssl.trust" property to the host name of your mail server. See the javadocs for the protocol provider packages for details.

Other common causes of this problem are:

• There's a firewall or anti-virus program intercepting your request.
• There's something wrong in your JDK installation preventing it from finding the certificates for the trusted certificate authorities.
• You're running in an application server that has overridden the JDK's list of trusted certificate authorities.